Block common WordPress attacks

This article will explain how to block common brute force attacks on WordPress systems.

There are two files that are frequently used for these attacks:

  • xmlrpc.php
  • wp-login.php

To stop an XML-RPC attack, we recommend that you install the Disable XML-RPC plugin and add the following code to your .htaccess file:

<Files xmlrpc.php>
Order Allow,Deny
Deny from all
</Files>

To stop a wp-login.php attack, we recommend that you install the Limit Login Attempts Reloaded plugin and add the following code to your .htaccess file:

<Files wp-login.php>
order deny,allow
allow from xx.xxx.xx.xxx
deny from all
</Files>

This will ensure that only people with a specific IP address can access your WordPress login page. Be sure to change xx.xxx.xx.xxx to your IP address.
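
The xmlrpc.php and wp-login.php rules above use the Apache 2.2 access directives (Order/Allow/Deny), which Apache 2.4 only honours through mod_access_compat. The following is an added example, not part of the original article: it expresses both rules in the Apache 2.4 Require syntax and keeps the original form as a fallback for 2.2. The address 203.0.113.10 is a placeholder documentation address standing in for xx.xxx.xx.xxx.

```apache
# Added example, not from the original article.
# 203.0.113.10 is a placeholder (documentation range); replace it with your own IP.

# Apache 2.4 and later: mod_authz_core provides the Require directive.
<IfModule mod_authz_core.c>
    # Refuse every request to the XML-RPC endpoint.
    <Files "xmlrpc.php">
        Require all denied
    </Files>

    # Serve the login page to one address only; everyone else gets 403.
    <Files "wp-login.php">
        Require ip 203.0.113.10
    </Files>
</IfModule>

# Apache 2.2: mod_authz_core is absent, so fall back to the older directives.
# Keeping the two syntaxes in separate blocks avoids mixing them in one context.
<IfModule !mod_authz_core.c>
    <Files "xmlrpc.php">
        Order Allow,Deny
        Deny from all
    </Files>

    <Files "wp-login.php">
        Order Deny,Allow
        Deny from all
        Allow from 203.0.113.10
    </Files>
</IfModule>
```

In .htaccess, Require needs AllowOverride AuthConfig and the 2.2 directives need AllowOverride Limit; without the matching override the server returns a 500 error. If the site sits behind a reverse proxy or CDN, Apache sees the proxy's address unless mod_remoteip is configured, so confirm which address the rule is actually matched against.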